Читать книгу Security Engineering - Ross Anderson - Страница 110

Such incidents taught people to protect passwords by encrypting them using a one-way algorithm, an innovation due to Roger Needham and Mike Guy. The password, when entered, is passed through a one-way function and the user is logged on only if it matches a previously stored value. However, it's often implemented wrong. The right way to do it is to generate a random key, historically known in this context as a salt; combine the password with the salt using a slow, cryptographically strong one-way function; and store both the salt and the hash.